[&] In preparation for cyber incidents, what is the importance of establishing an IR toolkit?
- To ensure quick access to investigation and response tools
- To serve as a backup for all organizational data
- To reduce the number of personnel required during an incident
- To maintain logs for normal operations only

[&] Why is it important to define roles and responsibilities during the preparation phase?
- To facilitate faster role assignment post-incident
- To ensure roles can be assigned during an incident
- To clarify duties and escalation paths proactively
- To determine compensation rates for cybersecurity staff

[&] What is a likely outcome of inadequate preparation for incident response?
- Enhanced satisfaction with existing policies
- Increased confusion and delays during incidents
- Improved interdepartmental communication
- Efficient incident classification

[&] How do well-prepared organizations benefit during incident response compared to less prepared ones?
- They spend less on cybersecurity annually
- They avoid legal and regulatory frameworks
- They respond efficiently and minimize operational impact
- They rely heavily on external consultants

[&] What is the primary goal of the preparation phase in the incident response process?
- To establish capabilities before an incident occurs
- To develop a post-incident review process
- To select the cybersecurity framework
- To react quickly during an incident